Cross site request forgery (csrf)

2007-05-1622:30:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

Low

0.023 Low

EPSS

Percentile

89.8%

JSON

The 3Com TippingPoint IPS do not properly handle certain full-width and half-width Unicode character encodings in an HTTP POST request, which might allow remote attackers to evade detection of HTTP traffic.

References

osvdb.org/35968

secunia.com/advisories/25302

securityreason.com/securityalert/2712

www.3com.com/securityalert/alerts/3COM-07-001.html

www.gamasec.net/english/gs07-01.html

www.kb.cert.org/vuls/id/739224

www.securityfocus.com/archive/1/468633/100/0/threaded

www.vupen.com/english/advisories/2007/1817